Skip to content
  1. Sep 28, 2010
  2. Sep 21, 2010
  3. Sep 20, 2010
  4. Sep 18, 2010
  5. Sep 12, 2010
  6. Aug 25, 2010
  7. Aug 15, 2010
  8. Aug 11, 2010
  9. Aug 10, 2010
  10. Aug 06, 2010
  11. Aug 02, 2010
  12. Jul 14, 2010
  13. Jul 13, 2010
  14. Jun 30, 2010
    • Kamil Dudka's avatar
      http_ntlm: add support for NSS · f3b77e56
      Kamil Dudka authored
      When configured with '--without-ssl --with-nss', NTLM authentication
      now uses NSS crypto library for MD5 and DES.  For MD4 we have a local
      implementation in that case.  More details are available at
      https://bugzilla.redhat.com/603783
      
      In order to get it working, curl_global_init() must be called with
      CURL_GLOBAL_SSL or CURL_GLOBAL_ALL.  That's necessary because NSS needs
      to be initialized globally and we do so only when the NSS library is
      actually required by protocol.  The mentioned call of curl_global_init()
      is responsible for creating of the initialization mutex.
      
      There was also slightly changed the NSS initialization scenario, in
      particular, loading of the NSS PEM module.  It used to be loaded always
      right after the NSS library was initialized.  Now the library is
      initialized as soon as any SSL or NTLM is required, while the PEM module
      is prevented from being loaded until the SSL is actually required.
      f3b77e56
  15. Jun 28, 2010
  16. Jun 16, 2010
  17. Jun 05, 2010
    • Constantine Sapuntzakis's avatar
      OpenSSL: fix spurious SSL connection aborts · a0dd9df9
      Constantine Sapuntzakis authored
      Was seeing spurious SSL connection aborts using libcurl and
      OpenSSL. I tracked it down to uncleared error state on the
      OpenSSL error stack - patch attached deals with that.
      
      Rough idea of problem:
      
      Code that uses libcurl calls some library that uses OpenSSL but
      don't clear the OpenSSL error stack after an error.
      
      ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
      the OS. Returns -1 to indicate an error
      
      ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
      ERR_get_error to check the OpenSSL error stack, finds an old
      error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
      SSL_ERROR_WANT_WRITE.
      
      ssluse.c returns an error and aborts the connection
      
      Solution:
      
      Clear the openssl error stack before calling SSL_* operation if
      we're going to call SSL_get_error afterwards.
      
      Notes:
      
      This is much more likely to happen with multi because it's easier
      to intersperse other calls to the OpenSSL library in the same
      thread.
      a0dd9df9
  18. Jun 04, 2010
  19. Jun 02, 2010
  20. Jun 01, 2010
    • Daniel Stenberg's avatar
      multi_socket: handles timer inaccuracy better for timeouts · 2c72732e
      Daniel Stenberg authored
      Igor Novoseltsev reported a problem with the multi socket API and
      using timeouts and timers. It boiled down to a problem with
      libcurl's use of GetTickCount() interally to figure out the
      current time, while Igor's own application code used another
      function call.
      
      It made his app call the socket API timeout function a bit
      _before_ libcurl would consider the timeout to trigger, and that
      could easily lead to timeouts or stalls in the app. It seems
      GetTickCount() in general often has no better resolution than
      16ms and switching to the alternative function
      QueryPerformanceCounter has its share of problems:
      http://www.virtualdub.org/blog/pivot/entry.php?id=106
      
      We address this problem by simply having libcurl treat timers
      that already has occured or will occur within 40ms subject for
      treatment. I'm confident that there are other implementations and
      operating systems with similarly in accurate timer functions so
      it makes sense to have applied generically and I don't believe we
      sacrifice much by adding a 40ms inaccuracy on these timeouts.
      2c72732e
  21. May 24, 2010
    • Howard Chu's avatar
      LDAP: properly implemented as a curl_handler · 2e056353
      Howard Chu authored
      makes the LDAP code much cleaner, nicer and in general being a
      better libcurl citizen. If a new enough OpenLDAP version is
      detect, the new and shiny lib/openldap.c code is then used
      instead of the old cruft
      
      Code by Howard, minor cleanups by Daniel.
      2e056353
  22. May 21, 2010
  23. May 19, 2010
  24. May 18, 2010
  25. May 16, 2010
  26. May 14, 2010
    • Daniel Stenberg's avatar
      OpenSSL: multi interface handshake could hang · 77cfeadf
      Daniel Stenberg authored
      John-Mark Bell filed bug #3000052 that identified a problem (with
      an associated patch) with the OpenSSL handshake state machine
      when the multi interface is used:
      
      Performing an https request using a curl multi handle and using
      select or epoll to wait for events results in a hang. It appears
      that the cause is the fix for bug #2958179, which makes
      ossl_connect_common unconditionally return from the step 2 loop
      when fetching from a multi handle.
      
      When ossl_connect_step2 has completed, it updates
      connssl->connecting_state to ssl_connect_3. ossl_connect_common
      will then return to the caller, as a multi handle is in
      use. Eventually, the client code will call curl_multi_fdset to
      obtain an updated fdset to select or epoll on. For https
      requests, curl_multi_fdset will cause https_getsock to be called.
      https_getsock will only return a socket handle if the
      connecting_state is ssl_connect_2_reading or
      ssl_connect_2_writing.  Therefore, the client will never obtain a
      valid fdset, and thus not drive the multi handle, resulting in a
      hang.
      
      (http://curl.haxx.se/bug/view.cgi?id=3000052)
      77cfeadf
    • Daniel Stenberg's avatar
      follow redirect: ignore response-body on redirect even if compressed · 7764795c
      Daniel Stenberg authored
      Sebastian V reported bug #3000056 identifying a problem with
      redirect following. It showed that when curl followed redirects
      it didn't properly ignore the response body of the 30X response
      if that response was using compressed Content-Encoding!
      
      (http://curl.haxx.se/bug/view.cgi?id=3000056)
      7764795c
  27. May 12, 2010
  28. May 11, 2010
  29. May 07, 2010
    • Daniel Stenberg's avatar
      multi interface: missed storing connection time · adaf8753
      Daniel Stenberg authored
      Dirk Manske reported a regression. When connecting with the multi
      interface, there were situations where libcurl wouldn't store
      connect time correctly as it used to (and is documented to) do.
      
      Using his fine sample program we could repeat it, and I wrote up
      test case 573 using that code. The problem does not easily show
      itself using the local test suite though.
      
      The fix, also as suggested by Dirk, is a bit on the ugly side as
      it adds yet another call to Curl_verboseconnect() and setting the
      TIMER_CONNECT time.  That situation is subject for some closer
      inspection in the future.
      adaf8753
    • Daniel Stenberg's avatar
      changelogs: split the I/O handling · aca0fff4
      Daniel Stenberg authored
      aca0fff4
  30. May 05, 2010
  31. Apr 29, 2010
  32. Apr 25, 2010